CVE-2008-1275

MailEnable Standard/Professional/Enterprise < 3.0 - Denial of Service via SMTP EXPN/VRFY Commands

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-1275. PoCs published by ryujin.

AI-analyzed exploit summary This exploit triggers a buffer overflow in MailEnable SMTP service via malformed VRFY/EXPN commands, causing a denial-of-service (DoS). It sends a crafted payload to crash the service and verifies the crash by attempting to reconnect.

Description

Multiple unspecified vulnerabilities in the SMTP service in MailEnable Standard Edition 1.x, Professional Edition 3.x and earlier, and Enterprise Edition 3.x and earlier allow remote attackers to cause a denial of service (crash) via crafted (1) EXPN or (2) VRFY commands.

Exploits (1)

exploitdb WORKING POC VERIFIED

by ryujin · pythondoswindows

https://www.exploit-db.com/exploits/5235

View Code ZIP pw:eip

This exploit triggers a buffer overflow in MailEnable SMTP service via malformed VRFY/EXPN commands, causing a denial-of-service (DoS). It sends a crafted payload to crash the service and verifies the crash by attempting to reconnect.

Classification

Working Poc 95%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: MailEnable SMTP Service (Standard, Professional, Enterprise Editions, all versions)

No auth needed

Prerequisites: Network access to the SMTP service (port 25)

MITRE ATT&CK